[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Fri May 11 10:03:02 UTC 2018
The branch, master has been updated
via 1766f77 winbind: Fix UPN handling in canonicalize_username()
via a05b63d winbind: Fix UPN handling in parse_domain_user()
via 32770e9 winbind: Remove unused function parse_domain_user_talloc()
via 789c89e winbind: Pass upn unmodified to lookup names
via 2715f52 nsswitch:tests: Add test for wbinfo --user-info
via 5319cae selftest: Add a user with a different userPrincipalName
via 4fa811e nsswitch: Lookup the domain in tests with the wb seperator
via 0aceca6 nsswitch: Add a test looking up domain sid
via 0d2f743 nsswitch: Add a test looking up the user using the upn
via 9bc2b92 selftest: Make sure we have correct group mappings
from 569937b tests: Add tests for samba-tool passwordsettings commands
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 1766f77493c5a76e4d7d1e5eedcaa150cc9ea552
Author: Andreas Schneider <asn at samba.org>
Date: Thu Apr 26 17:32:42 2018 +0200
winbind: Fix UPN handling in canonicalize_username()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri May 11 12:02:37 CEST 2018 on sn-devel-144
commit a05b63db627fdbe0bdea4d144dfaeedb39025592
Author: Andreas Schneider <asn at samba.org>
Date: Thu Apr 26 12:17:12 2018 +0200
winbind: Fix UPN handling in parse_domain_user()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit 32770e929ace8fe3f2469037ed887be14b3c5503
Author: Andreas Schneider <asn at samba.org>
Date: Thu Apr 26 17:23:41 2018 +0200
winbind: Remove unused function parse_domain_user_talloc()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 789c89e6ecb7d388fb5acdd5abc8fe99c58524f0
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Feb 22 14:10:28 2018 +0100
winbind: Pass upn unmodified to lookup names
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
commit 2715f52f54e66a73131a92d752a8c2447da1fd33
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 20 11:20:44 2018 +0200
nsswitch:tests: Add test for wbinfo --user-info
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 5319cae00096dcecc29aa9fa675a983352ad64d8
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 20 09:38:24 2018 +0200
selftest: Add a user with a different userPrincipalName
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 4fa811ec7bc301e96f5e40ba281e8d4e8709b94f
Author: Andreas Schneider <asn at samba.org>
Date: Mon May 7 13:23:42 2018 +0200
nsswitch: Lookup the domain in tests with the wb seperator
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 0aceca6a94e868f9c01a66f79624ca10d80560ab
Author: Andreas Schneider <asn at samba.org>
Date: Fri May 4 12:43:05 2018 +0200
nsswitch: Add a test looking up domain sid
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 0d2f743d826b87b369e25fc6bb9ff61f2b0896aa
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 20 11:24:30 2018 +0200
nsswitch: Add a test looking up the user using the upn
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 9bc2b922bbc6539341a2056f33f117ac350e61f1
Author: Andreas Schneider <asn at samba.org>
Date: Mon May 7 16:20:30 2018 +0200
selftest: Make sure we have correct group mappings
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
-----------------------------------------------------------------------
Summary of changes:
nsswitch/tests/test_idmap_ad.sh | 2 +-
nsswitch/tests/test_idmap_nss.sh | 4 +-
nsswitch/tests/test_idmap_rid.sh | 2 +-
nsswitch/tests/test_wbinfo_name_lookup.sh | 13 ++++-
nsswitch/tests/test_wbinfo_user_info.sh | 83 +++++++++++++++++++++++++++++++
selftest/knownfail.d/upn_handling | 8 +++
selftest/target/Samba3.pm | 9 ++++
selftest/target/Samba4.pm | 19 ++++++-
source3/selftest/tests.py | 16 +++++-
source3/winbindd/wb_lookupname.c | 8 +--
source3/winbindd/wb_xids2sids.c | 1 +
source3/winbindd/winbindd_cache.c | 5 +-
source3/winbindd/winbindd_ccache_access.c | 43 +++++++++++-----
source3/winbindd/winbindd_creds.c | 3 +-
source3/winbindd/winbindd_getgrnam.c | 18 +++++--
source3/winbindd/winbindd_getgroups.c | 13 ++++-
source3/winbindd/winbindd_getpwnam.c | 13 ++++-
source3/winbindd/winbindd_irpc.c | 7 ++-
source3/winbindd/winbindd_lookupname.c | 17 ++++---
source3/winbindd/winbindd_pam.c | 83 +++++++++++++++++++++++--------
source3/winbindd/winbindd_pam_auth.c | 11 ++--
source3/winbindd/winbindd_pam_chauthtok.c | 12 +++--
source3/winbindd/winbindd_pam_logoff.c | 12 +++--
source3/winbindd/winbindd_proto.h | 19 ++++---
source3/winbindd/winbindd_util.c | 63 ++++++++++++-----------
25 files changed, 375 insertions(+), 109 deletions(-)
create mode 100755 nsswitch/tests/test_wbinfo_user_info.sh
create mode 100644 selftest/knownfail.d/upn_handling
Changeset truncated at 500 lines:
diff --git a/nsswitch/tests/test_idmap_ad.sh b/nsswitch/tests/test_idmap_ad.sh
index 2f4ee32..7450ae0 100755
--- a/nsswitch/tests/test_idmap_ad.sh
+++ b/nsswitch/tests/test_idmap_ad.sh
@@ -20,7 +20,7 @@ failed=0
. `dirname $0`/../../testprogs/blackbox/subunit.sh
-DOMAIN_SID=$($wbinfo -n "@$DOMAIN" | cut -f 1 -d " ")
+DOMAIN_SID=$($wbinfo -n "$DOMAIN/" | cut -f 1 -d " ")
if [ $? -ne 0 ] ; then
echo "Could not find domain SID" | subunit_fail_test "test_idmap_ad"
exit 1
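Review bot: the `if [ $? -ne 0 ]` that follows the changed `DOMAIN_SID=$(... | cut -f 1 -d " ")` line tests the exit status of `cut`, not of `$wbinfo`, so a failed lookup of "$DOMAIN/" is never caught here. Test the captured value instead, for example `[ -n "$DOMAIN_SID" ]`, so that the "Could not find domain SID" branch is actually reachable.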
diff --git a/nsswitch/tests/test_idmap_nss.sh b/nsswitch/tests/test_idmap_nss.sh
index 5072a0d..1bbc177 100755
--- a/nsswitch/tests/test_idmap_nss.sh
+++ b/nsswitch/tests/test_idmap_nss.sh
@@ -13,8 +13,8 @@ failed=0
. `dirname $0`/../../testprogs/blackbox/subunit.sh
-testit "wbinfo returns domain SID" $wbinfo -n "@$DOMAIN" || exit 1
-DOMAIN_SID=$($wbinfo -n "@$DOMAIN" | cut -f 1 -d " ")
+testit "wbinfo returns domain SID" $wbinfo -n "$DOMAIN/" || exit 1
+DOMAIN_SID=$($wbinfo -n "$DOMAIN/" | cut -f 1 -d " ")
echo "Domain $DOMAIN has SID $DOMAIN_SID"
# Find an unused uid and SID
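Review bot: the new lookup string "$DOMAIN/" in both changed lines hardcodes "/" as the winbind separator, so the script silently depends on the test environment being configured with that separator. Consider setting the separator once in a variable at the top of the script and using it in both the `testit` call and the `DOMAIN_SID` assignment.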
diff --git a/nsswitch/tests/test_idmap_rid.sh b/nsswitch/tests/test_idmap_rid.sh
index 7fb5985..8209a50 100755
--- a/nsswitch/tests/test_idmap_rid.sh
+++ b/nsswitch/tests/test_idmap_rid.sh
@@ -16,7 +16,7 @@ failed=0
. `dirname $0`/../../testprogs/blackbox/subunit.sh
-DOMAIN_SID=$($wbinfo -n "@$DOMAIN" | cut -f 1 -d " ")
+DOMAIN_SID=$($wbinfo -n "$DOMAIN/" | cut -f 1 -d " ")
if [ $? -ne 0 ] ; then
echo "Could not find domain SID" | subunit_fail_test "test_idmap_rid"
exit 1
diff --git a/nsswitch/tests/test_wbinfo_name_lookup.sh b/nsswitch/tests/test_wbinfo_name_lookup.sh
index 696e25b..c1d39c1 100755
--- a/nsswitch/tests/test_wbinfo_name_lookup.sh
+++ b/nsswitch/tests/test_wbinfo_name_lookup.sh
@@ -8,8 +8,9 @@ exit 1;
fi
DOMAIN=$1
-DC_USERNAME=$2
-shift 2
+REALM=$2
+DC_USERNAME=$3
+shift 3
failed=0
sambabindir="$BINDIR"
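Review bot: with `REALM` inserted as `$2` and `shift 3`, the script now needs three arguments, but the argument-count check and usage text that end just above this hunk (`exit 1;` / `fi`) are not touched by this diff. Please bring that check and the usage line in step, otherwise a caller still passing two arguments gets an empty `DC_USERNAME` and a failing `shift 3` rather than the usage message.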
@@ -22,6 +23,14 @@ testit "name-to-sid.single-separator" \
$wbinfo -n $DOMAIN/$DC_USERNAME || \
failed=$(expr $failed + 1)
+testit "name-to-sid.at_domain" \
+ $wbinfo -n $DOMAIN/ || \
+ failed=$(expr $failed + 1)
+
+testit "name-to-sid.upn" \
+ $wbinfo -n $DC_USERNAME@$REALM || \
+ failed=$(expr $failed + 1)
+
# Two separator characters should fail
testit_expect_failure "name-to-sid.double-separator" \
$wbinfo -n $DOMAIN//$DC_USERNAME || \
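Review bot: the test added as "name-to-sid.at_domain" runs `$wbinfo -n $DOMAIN/`, which contains no "@", so the name no longer describes what is looked up; a name such as "name-to-sid.domain-only" would match the command. In "name-to-sid.upn", `$DC_USERNAME@$REALM` is unquoted; quoting it keeps the lookup a single argument if either value ever contains whitespace or glob characters.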
diff --git a/nsswitch/tests/test_wbinfo_user_info.sh b/nsswitch/tests/test_wbinfo_user_info.sh
new file mode 100755
index 0000000..2803ac1
--- /dev/null
+++ b/nsswitch/tests/test_wbinfo_user_info.sh
@@ -0,0 +1,83 @@
+#!/bin/sh
+# Blackbox test for wbinfo lookup for account name and upn
+# Copyright (c) 2018 Andreas Schneider <asn at samba.org>
+
+if [ $# -lt 5 ]; then
+cat <<EOF
+Usage: $(basename $0) DOMAIN REALM USERNAME1 UPN_NAME1 USERNAME2 UPN_NAME2
+EOF
+exit 1;
+fi
+
+DOMAIN=$1
+REALM=$2
+USERNAME1=$3
+UPN_NAME1=$4
+USERNAME2=$5
+UPN_NAME2=$6
+shift 6
+
+failed=0
+
+samba_bindir="$BINDIR"
+wbinfo_tool="$VALGRIND $samba_bindir/wbinfo"
+
+UPN1="$UPN_NAME1@$REALM"
+UPN2="$UPN_NAME2@$REALM"
+
+. $(dirname $0)/../../testprogs/blackbox/subunit.sh
+
+test_user_info()
+{
+ local cmd out ret user domain upn userinfo
+
+ domain="$1"
+ user="$2"
+ upn="$3"
+
+ if [ $# -lt 3 ]; then
+ userinfo="$domain/$user"
+ else
+ userinfo="$upn"
+ fi
+
+ cmd='$wbinfo_tool --user-info $userinfo'
+ eval echo "$cmd"
+ out=$(eval $cmd)
+ ret=$?
+ if [ $ret -ne 0 ]; then
+ echo "failed to lookup $userinfo"
+ echo "$out"
+ return 1
+ fi
+
+ echo "$out" | grep "$domain/$user:.*:.*:.*::/home/$domain/Domain Users/$user"
+ ret=$?
+ if [ $ret != 0 ]; then
+ echo "failed to lookup $userinfo"
+ echo "$out"
+ return 1
+ fi
+
+ return 0
+}
+
+testit "name_to_sid.domain.$USERNAME1" $wbinfo_tool --name-to-sid $DOMAIN/$USERNAME1 || failed=$(expr $failed + 1)
+testit "name_to_sid.upn.$UPN_NAME1" $wbinfo_tool --name-to-sid $UPN1 || failed=$(expr $failed + 1)
+
+testit "user_info.domain.$USERNAME1" test_user_info $DOMAIN $USERNAME1 || failed=$(expr $failed + 1)
+testit "user_info.upn.$UPN_NAME1" test_user_info $DOMAIN $USERNAME1 $UPN1 || failed=$(expr $failed + 1)
+
+testit "name_to_sid.domain.$USERNAME2" $wbinfo_tool --name-to-sid $DOMAIN/$USERNAME2 || failed=$(expr $failed + 1)
+testit "name_to_sid.upn.$UPN_NAME2" $wbinfo_tool --name-to-sid $UPN2 || failed=$(expr $failed + 1)
+
+testit "user_info.domain.$USERNAME2" test_user_info $DOMAIN $USERNAME2 || failed=$(expr $failed + 1)
+testit "user_info.upn.$UPN_NAME2" test_user_info $DOMAIN $USERNAME2 $UPN2 || failed=$(expr $failed + 1)
+
+USERNAME3="testdenied"
+UPN_NAME3="testdenied_upn"
+UPN3="$UPN_NAME3@${REALM}.upn"
+testit "name_to_sid.upn.$UPN_NAME3" $wbinfo_tool --name-to-sid $UPN3 || failed=$(expr $failed + 1)
+testit "user_info.upn.$UPN_NAME3" test_user_info $DOMAIN $USERNAME3 $UPN3 || failed=$(expr $failed + 1)
+
+exit $failed
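Review bot: the guard `if [ $# -lt 5 ]` at the top does not match the six positional parameters that the usage text lists and the script reads (`UPN_NAME2=$6`, `shift 6`); with exactly five arguments `UPN2` becomes "@$REALM" and `shift 6` fails, so the check should be `-lt 6`. In test_user_info(), building `cmd='$wbinfo_tool --user-info $userinfo'` and running it through `eval` re-splits and re-evaluates the looked-up name; calling `$wbinfo_tool --user-info "$userinfo"` directly avoids that. `local` is also not guaranteed by a `#!/bin/sh` interpreter.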
diff --git a/selftest/knownfail.d/upn_handling b/selftest/knownfail.d/upn_handling
new file mode 100644
index 0000000..bcbedb4
--- /dev/null
+++ b/selftest/knownfail.d/upn_handling
@@ -0,0 +1,8 @@
+^samba3\.wbinfo_user_info\.name_to_sid\.upn\.testdenied_upn.ad_member
+^samba3\.wbinfo_user_info\.user_info\.upn\.testdenied_upn.ad_member
+^samba3\.wbinfo_user_info\.user_info\.domain\.alice.fl2008r2dc
+^samba3\.wbinfo_user_info\.user_info\.upn\.alice.fl2008r2dc
+^samba3\.wbinfo_user_info\.user_info\.domain\.jane.fl2008r2dc
+^samba3\.wbinfo_user_info\.user_info\.upn\.jane\.doe.fl2008r2dc
+^samba3\.wbinfo_user_info\.name_to_sid\.upn\.testdenied_upn.fl2008r2dc
+^samba3\.wbinfo_user_info\.user_info\.upn\.testdenied_upn.fl2008r2dc
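Review bot: in every entry the "." before the environment name (`testdenied_upn.ad_member`, `alice.fl2008r2dc`, and so on) is left unescaped while all other dots are written `\.`, so it matches any character; escape it for consistency. A comment line saying why these are expected to fail would also help, in particular for the `user_info\.domain\.alice` and `user_info\.domain\.jane` entries on fl2008r2dc, which do not look up a UPN at all.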
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 6c86701..2b1752f 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -2412,6 +2412,9 @@ sub wait_for_start($$$$$)
$netcmd .= "NSS_WRAPPER_GROUP='$envvars->{NSS_WRAPPER_GROUP}' ";
$netcmd .= Samba::bindir_path($self, "net") ." $envvars->{CONFIGURATION} ";
+ $cmd = $netcmd . "groupmap delete ntgroup=domusers";
+ $ret = system($cmd);
+
$cmd = $netcmd . "groupmap add rid=513 unixgroup=domusers type=domain";
$ret = system($cmd);
if ($ret != 0) {
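Review bot: the result of the new `groupmap delete ntgroup=domusers` call is stored in `$ret` but never examined, and the following `groupmap add` overwrites it. If the failure is ignored on purpose because the mapping may not exist yet, say so in a comment and drop the assignment; the same applies to the `domadmins` and `everyone` deletes in the next two hunks.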
@@ -2419,6 +2422,9 @@ sub wait_for_start($$$$$)
return 1;
}
+ $cmd = $netcmd . "groupmap delete ntgroup=domadmins";
+ $ret = system($cmd);
+
$cmd = $netcmd . "groupmap add rid=512 unixgroup=domadmins type=domain";
$ret = system($cmd);
if ($ret != 0) {
@@ -2426,6 +2432,9 @@ sub wait_for_start($$$$$)
return 1;
}
+ $cmd = $netcmd . "groupmap delete ntgroup=everyone";
+ $ret = system($cmd);
+
$cmd = $netcmd . "groupmap add sid=S-1-1-0 unixgroup=everyone type=builtin";
$ret = system($cmd);
if ($ret != 0) {
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 51a175b..5353779 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -877,7 +877,7 @@ userPrincipalName: testdenied_upn\@$ctx->{realm}.upn
}
# Create to users alice and bob!
- my $user_account_array = ["alice", "bob"];
+ my $user_account_array = ["alice", "bob", "jane"];
foreach my $user_account (@{$user_account_array}) {
my $samba_tool_cmd = "";
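Review bot: the context comment "# Create to users alice and bob!" directly above the changed array is now out of date, since "jane" is created as well. Please update the comment in the same change.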
@@ -892,6 +892,23 @@ userPrincipalName: testdenied_upn\@$ctx->{realm}.upn
}
}
+ my $ldbmodify = "";
+ $ldbmodify .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
+ $ldbmodify .= "KRB5CCNAME=\"$ret->{KRB5_CCACHE}\" ";
+ $ldbmodify .= Samba::bindir_path($self, "ldbmodify");
+
+ my $base_dn = "DC=".join(",DC=", split(/\./, $ctx->{realm}));
+ my $user_dn = "cn=jane,cn=users,$base_dn";
+
+ open(LDIF, "|$ldbmodify -H $ctx->{privatedir}/sam.ldb");
+ print LDIF "dn: $user_dn
+changetype: modify
+replace: userPrincipalName
+userPrincipalName: jane.doe\@$ctx->{realm}
+-
+";
+ close(LDIF);
+
return $ret;
}
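Review bot: neither `open(LDIF, "|$ldbmodify ...")` nor `close(LDIF)` is checked, so if ldbmodify fails, jane keeps her default userPrincipalName and the setup still reaches `return $ret` as if it had succeeded. Check the return value of `close`, which reports the child's exit status for a piped open, and fail the environment setup when it is false. A lexical filehandle would be preferable to the bareword `LDIF`.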
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index c234679..5ebebb5 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -214,7 +214,21 @@ plantestsuite("samba3.wbinfo_simple.(%s:local).%s" % (env, t), "%s:local" % env,
plantestsuite("samba3.wbinfo_name_lookup", env,
[ os.path.join(srcdir(),
"nsswitch/tests/test_wbinfo_name_lookup.sh"),
- '$DOMAIN', '$DC_USERNAME' ])
+ '$DOMAIN', '$REALM', '$DC_USERNAME' ])
+
+env = "ad_member:local"
+plantestsuite("samba3.wbinfo_user_info", env,
+ [ os.path.join(srcdir(),
+ "nsswitch/tests/test_wbinfo_user_info.sh"),
+ '$DOMAIN', '$REALM', 'alice', 'alice', 'jane', 'jane.doe' ])
+
+env = "fl2008r2dc:local"
+plantestsuite("samba3.wbinfo_user_info", env,
+ [ os.path.join(srcdir(),
+ "nsswitch/tests/test_wbinfo_user_info.sh"),
+ '$TRUST_DOMAIN', '$TRUST_REALM', 'alice', 'alice', 'jane', 'jane.doe' ])
+
+env = "ad_member"
t = "WBCLIENT-MULTI-PING"
plantestsuite("samba3.smbtorture_s3.%s" % t, env, [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//foo/bar', '""', '""', smbtorture3, ""])
plantestsuite("samba3.substitutions", env, [os.path.join(samba3srcdir, "script/tests/test_substitutions.sh"), "$SERVER", "alice", "Secret007", "$PREFIX"])
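Review bot: `env` is reassigned three times in this hunk, and the trailing `env = "ad_member"` exists only to restore the value for the `plantestsuite` calls that follow, so a later edit that moves or drops that line would silently retarget those tests. Pass the environment names directly to the two new `plantestsuite("samba3.wbinfo_user_info", ...)` calls, or loop over the two (environment, domain, realm) tuples, and leave `env` untouched.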
diff --git a/source3/winbindd/wb_lookupname.c b/source3/winbindd/wb_lookupname.c
index 1dd6b68..c7b027b 100644
--- a/source3/winbindd/wb_lookupname.c
+++ b/source3/winbindd/wb_lookupname.c
@@ -35,7 +35,9 @@ static void wb_lookupname_done(struct tevent_req *subreq);
struct tevent_req *wb_lookupname_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
- const char *dom_name, const char *name,
+ const char *namespace,
+ const char *dom_name,
+ const char *name,
uint32_t flags)
{
struct tevent_req *req, *subreq;
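Review bot: the new `namespace` parameter of wb_lookupname_send() sits next to `dom_name` with the same type and no comment explaining how the two differ or which one selects the domain to query. A short doc comment on the function would help, since swapping the two `const char *` arguments at a call site compiles cleanly.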
@@ -61,9 +63,9 @@ struct tevent_req *wb_lookupname_send(TALLOC_CTX *mem_ctx,
return tevent_req_post(req, ev);
}
- domain = find_lookup_domain_from_name(state->dom_name);
+ domain = find_lookup_domain_from_name(namespace);
if (domain == NULL) {
- DEBUG(5, ("Could not find domain for %s\n", state->dom_name));
+ DEBUG(5, ("Could not find domain for %s\n", namespace));
tevent_req_nterror(req, NT_STATUS_NONE_MAPPED);
return tevent_req_post(req, ev);
}
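Review bot: `find_lookup_domain_from_name(namespace)` and the `DEBUG(5, ...)` below it now use the caller's `namespace` pointer directly, where the old code used `state->dom_name`. Nothing visible in this hunk rejects a NULL `namespace`, so either check it before the lookup or document that callers must pass a non-NULL string.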
diff --git a/source3/winbindd/wb_xids2sids.c b/source3/winbindd/wb_xids2sids.c
index a2a4493..0d21e55 100644
--- a/source3/winbindd/wb_xids2sids.c
+++ b/source3/winbindd/wb_xids2sids.c
@@ -185,6 +185,7 @@ static void wb_xids2sids_init_dom_maps_lookupname_next(
subreq = wb_lookupname_send(state,
state->ev,
dom_maps[state->dom_idx].name,
+ dom_maps[state->dom_idx].name,
"",
LOOKUP_NAME_NO_NSS);
if (tevent_req_nomem(subreq, state->req)) {
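Review bot: `dom_maps[state->dom_idx].name` now appears twice in a row in the wb_lookupname_send() call with nothing to say which one is the namespace and which the domain name. Add a `/* namespace */` marker on the first argument, as the winbindd_creds.c change does for lookup_cached_name().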
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index 9f9e878..2778e27 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -3221,7 +3221,8 @@ bool lookup_cached_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
return NT_STATUS_IS_OK(status);
}
-bool lookup_cached_name(const char *domain_name,
+bool lookup_cached_name(const char *namespace,
+ const char *domain_name,
const char *name,
struct dom_sid *sid,
enum lsa_SidType *type)
@@ -3230,7 +3231,7 @@ bool lookup_cached_name(const char *domain_name,
NTSTATUS status;
bool original_online_state;
- domain = find_lookup_domain_from_name(domain_name);
+ domain = find_lookup_domain_from_name(namespace);
if (domain == NULL) {
return false;
}
diff --git a/source3/winbindd/winbindd_ccache_access.c b/source3/winbindd/winbindd_ccache_access.c
index 039e653..ddeaf1d 100644
--- a/source3/winbindd/winbindd_ccache_access.c
+++ b/source3/winbindd/winbindd_ccache_access.c
@@ -43,8 +43,9 @@ static bool client_can_access_ccache_entry(uid_t client_uid,
return False;
}
-static NTSTATUS do_ntlm_auth_with_stored_pw(const char *username,
+static NTSTATUS do_ntlm_auth_with_stored_pw(const char *namespace,
const char *domain,
+ const char *username,
const char *password,
const DATA_BLOB initial_msg,
const DATA_BLOB challenge_msg,
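Review bot: the signature of do_ntlm_auth_with_stored_pw() changes the argument order as well as adding `namespace`: `username` moves from first to third position. The leading parameters are all `const char *`, so a call left in the old order would still compile; since the function is `static`, please confirm that the call in winbindd_ccache_ntlm_auth() is the only one in this file.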
@@ -182,11 +183,12 @@ static bool check_client_uid(struct winbindd_cli_state *state, uid_t uid)
void winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state)
{
struct winbindd_domain *domain;
- fstring name_domain, name_user;
+ fstring name_namespace, name_domain, name_user;
NTSTATUS result = NT_STATUS_NOT_SUPPORTED;
struct WINBINDD_MEMORY_CREDS *entry;
DATA_BLOB initial, challenge, auth;
uint32_t initial_blob_len, challenge_blob_len, extra_len;
+ bool ok;
/* Ensure null termination */
state->request->data.ccache_ntlm_auth.user[
@@ -197,8 +199,11 @@ void winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state)
/* Parse domain and username */
- if (!canonicalize_username(state->request->data.ccache_ntlm_auth.user,
- name_domain, name_user)) {
+ ok = canonicalize_username(state->request->data.ccache_ntlm_auth.user,
+ name_namespace,
+ name_domain,
+ name_user);
+ if (!ok) {
DEBUG(5,("winbindd_ccache_ntlm_auth: cannot parse domain and user from name [%s]\n",
state->request->data.ccache_ntlm_auth.user));
request_error(state);
@@ -238,7 +243,11 @@ void winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state)
}
/* Parse domain and username */
- if (!parse_domain_user(state->request->data.ccache_ntlm_auth.user, name_domain, name_user)) {
+ ok = parse_domain_user(state->request->data.ccache_ntlm_auth.user,
+ name_namespace,
+ name_domain,
+ name_user);
+ if (!ok) {
DEBUG(10,("winbindd_dual_ccache_ntlm_auth: cannot parse "
"domain and user from name [%s]\n",
state->request->data.ccache_ntlm_auth.user));
@@ -273,10 +282,16 @@ void winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state)
state->request->data.ccache_ntlm_auth.challenge_blob_len);
result = do_ntlm_auth_with_stored_pw(
- name_user, name_domain, entry->pass,
- initial, challenge, talloc_tos(), &auth,
- state->response->data.ccache_ntlm_auth.session_key,
- &state->response->data.ccache_ntlm_auth.new_spnego);
+ name_namespace,
+ name_domain,
+ name_user,
+ entry->pass,
+ initial,
+ challenge,
+ talloc_tos(),
+ &auth,
+ state->response->data.ccache_ntlm_auth.session_key,
+ &state->response->data.ccache_ntlm_auth.new_spnego);
if (!NT_STATUS_IS_OK(result)) {
goto process_result;
@@ -304,8 +319,9 @@ void winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state)
void winbindd_ccache_save(struct winbindd_cli_state *state)
{
struct winbindd_domain *domain;
- fstring name_domain, name_user;
+ fstring name_namespace, name_domain, name_user;
NTSTATUS status;
+ bool ok;
/* Ensure null termination */
state->request->data.ccache_save.user[
@@ -319,8 +335,11 @@ void winbindd_ccache_save(struct winbindd_cli_state *state)
/* Parse domain and username */
- if (!canonicalize_username(state->request->data.ccache_save.user,
- name_domain, name_user)) {
+ ok = canonicalize_username(state->request->data.ccache_save.user,
+ name_namespace,
+ name_domain,
+ name_user);
+ if (!ok) {
DEBUG(5,("winbindd_ccache_save: cannot parse domain and user "
"from name [%s]\n",
state->request->data.ccache_save.user));
diff --git a/source3/winbindd/winbindd_creds.c b/source3/winbindd/winbindd_creds.c
index 15cca55..2d7aacf 100644
--- a/source3/winbindd/winbindd_creds.c
+++ b/source3/winbindd/winbindd_creds.c
@@ -76,7 +76,8 @@ NTSTATUS winbindd_store_creds(struct winbindd_domain *domain,
enum lsa_SidType type;
- if (!lookup_cached_name(domain->name,
+ if (!lookup_cached_name(domain->name, /* namespace */
+ domain->name,
user,
&cred_sid,
&type)) {
diff --git a/source3/winbindd/winbindd_getgrnam.c b/source3/winbindd/winbindd_getgrnam.c
index 02d9abc..37c205d 100644
--- a/source3/winbindd/winbindd_getgrnam.c
+++ b/source3/winbindd/winbindd_getgrnam.c
@@ -22,7 +22,7 @@
struct winbindd_getgrnam_state {
struct tevent_context *ev;
- fstring name_domain, name_group;
+ fstring name_namespace, name_domain, name_group;
struct dom_sid sid;
const char *domname;
const char *name;
@@ -42,6 +42,7 @@ struct tevent_req *winbindd_getgrnam_send(TALLOC_CTX *mem_ctx,
struct winbindd_getgrnam_state *state;
char *tmp;
NTSTATUS nt_status;
+ bool ok;
req = tevent_req_create(mem_ctx, &state,
struct winbindd_getgrnam_state);
@@ -66,7 +67,15 @@ struct tevent_req *winbindd_getgrnam_send(TALLOC_CTX *mem_ctx,
/* Parse domain and groupname */
- parse_domain_user(tmp, state->name_domain, state->name_group);
+ ok = parse_domain_user(tmp,
+ state->name_namespace,
+ state->name_domain,
+ state->name_group);
+ if (!ok) {
+ DBG_INFO("Could not parse domain user: %s\n", tmp);
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return tevent_req_post(req, ev);
+ }
/* if no domain or our local domain and no local tdb group, default to
* our local domain for aliases */
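Review bot: the request now ends with NT_STATUS_INVALID_PARAMETER when parse_domain_user() returns false, where the removed line ignored the return value and carried on. That is a behaviour change for getgrnam callers and deserves a sentence in the commit message saying which inputs are now rejected.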
@@ -76,7 +85,10 @@ struct tevent_req *winbindd_getgrnam_send(TALLOC_CTX *mem_ctx,
fstrcpy(state->name_domain, get_global_sam_name());
}
- subreq = wb_lookupname_send(state, ev, state->name_domain, state->name_group,
+ subreq = wb_lookupname_send(state, ev,
+ state->name_namespace,
+ state->name_domain,
+ state->name_group,
0);
if (tevent_req_nomem(subreq, req)) {
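Review bot: the context line `fstrcpy(state->name_domain, get_global_sam_name());` rewrites `name_domain` when the group falls back to the local domain, but `name_namespace` is left as parsed, and per the wb_lookupname.c change it is the namespace that wb_lookupname_send() now uses to pick the domain. Should `name_namespace` be updated in the same branch so that the fallback still takes effect?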
--
Samba Shared Repository